Tag Archives: WPA3

WPA2 Cracking Simplified By New Research

It has only been approximately nine months since the last vulnerability disclosure regarding WPA2 wireless encryption and we have another disclosure. The developer of the well known password cracking application; Hashcat, Jens “atom” Steube has detailed how to more easily retrieve and crack the Pairwise Master Key Identifier (PMKID)(defined).

Why should this vulnerability be considered important?
Previous vulnerability disclosures required the attacker to capture wireless traffic and wait until they recorded a full authentication handshake. This newer disclosure requires only a single frame (defined) which the attacker can obtain on demand by attempting to access the WiFi network. The PMKID is then cracked (using a brute force attack (defined) to obtain the wireless encryption key (the Pre-Shared Key (PSK)). This vulnerability allows the attacker to begin a brute force attack much easier than before,

To confirm that both the router and the client device know the PSK a PMK is used and is thus a normal part of the 4 way handshake used with WPA2. This new vulnerability will work against routers using 802.11i/p/q/r while roaming is enabled according to Jens Steube.

Further Technical Details of this vulnerability are as follows:
The PMKID is contained within the RSN IE ((Robust Security Network Information Element) field of an EAPOL (defined) frame . How the PMKID is generated is described in more detail in Steube’s post.

The MAC address (defined) of the wireless access point can be determined by the attacker allowing them to know the manufacturer of the device they are attacking. This allows them to pre-generate patterns and pass them into the Hashcat tool speeding up the attack. A PSK of 10 characters in length will take about 8 days to crack using a 4 GPU (defined) system.

How can I protect myself from this vulnerability?
Steube recommends using a password manager to generate a PSK of 20 to 30 characters in length. For your information; the PSK used by my router has been for many years 64 characters long. While it makes entering this into a device a real pain (however I don’t do this often). Moreover I use shorter temporary guest passwords for friends devices (it also prevents them accessing my true intranet); it makes the router more secure against an attack such as this.

You can also make the attackers work harder by employing WPA2-Enterprise (rather than the more regular WPA2-AES). WPA3 is not thought to be vulnerable to this method of attack.

Thank you.

Blog Post Shout Out: Meltdown , Spectre Article and WPA3

I wish to provide a respectful shout out to the following articles for providing useful information on emerging vulnerabilities and technologies.

With the large media coverage of the Meltdown and Spectre CPU hardware vulnerabilities (including this blog!) the following Ars Technica article is particularly useful since it describes in detail (but still in an easy to understand manner) how two CPU instructions present in modern CPUs help to alleviate the performance impact.

The article also describes (all in one place) the 3 mitigations Intel have added to their CPUs using a microcode update. AMD CPUs meanwhile added 2 mitigations (the difference in numbers is also explained).


With the announcement of the new wireless security protocol WPA3 at CES earlier this month; it was relatively easy to learn of the security changes the new WiFi standard will introduce. These changes are very welcome with the publication of the KRACK vulnerability for WPA2 last year. However the questions I wanted to know the answers for were not as straightforward:

  1. While devices with WPA3 are set to be made available in 2018; will they arrive late or earlier this year?
  2. Are the WPA2 devices I have now likely to work with a new WPA3 router?
  3. Will it be pointless to have a WPA3 router if all or most of my devices are WPA2 since it cannot provide both standards of security at the same time?

All of the above questions are addressed in this How to Geek article. I hope you find these articles helpful. Thank you.